Privacy and Data
In this section:
Morningstar is committed to keeping your personal information safe. This Privacy Statement describes how we use personal information, with whom we may share it, how we keep it secure, and your rights relating to your personal information.
This Privacy Statement applies to Morningstar EMEA users and customers (or “you”) who use, order, register, or interact with any Morningstar product or service. This includes customers and subscribers, product users, site visitors, and event attendees. This Privacy Statement applies to all personal information you provide us, whether through our website or otherwise.
Morningstar U.K. is the controller or processor (as explained below) for the personal information collected in accordance with this Privacy Statement.
Morningstar offers a wide range of products and services throughout the world and may use your information in different ways. You can find privacy statements for certain subsidiaries’ products here. In the event of a conflict between the terms of this Privacy Statement and a product-specific privacy statement, the product-specific terms will take precedence.
Depending on the Morningstar products and services you use, Morningstar is either a controller or a processor. Morningstar is a controller (a) in connection with the performance of its legal obligations or exercise of its rights and obligations under a contract it has in place with a customer, supplier, website subscriber, or other third parties, as well as to provide requested services and (b) where it collects personal information for marketing and business-development purposes.
Where a customer subscribes to a Morningstar online tool or service into which they input personal information of their employees, or other third parties for their own purposes, the customer will be the data controller in respect of this personal information. Morningstar is the processor where it hosts personal information inputted into the online tool. The customer should therefore ensure that it and its authorised users are compliant with their obligations as a controller of this personal information and can comply fully with data access requests, have consent (where required) or other legitimate grounds for the processing of the personal information inputted into the online tool or service.
Where Morningstar is a processor, we will process your personal information in accordance with our customers’ instructions and as further agreed in the contract we enter with our customers.
Morningstar is a global company and hosts instances of its online tools outside of the EEA and UK both within Morningstar and with selected third parties that have been selected for their compliance with applicable law. Morningstar ensures it has appropriate security and failover safeguards to ensure its SLAs for availability are met and to protect the integrity of its online tools and the personal information and information inputted by the authorised users.
The below sections of this Privacy Statement explain how Morningstar processes your personal information as a controller.
Certain Morningstar products have specific privacy practices that apply to them. In the event of a conflict between the terms of this Privacy Statement and the product-specific privacy practices, the product-specific privacy practices take precedence. Below, you can find a brief FAQ about how specific Morningstar products use your personal information.
How we collect your information
Morningstar collects your personal information through your interactions with us or from third-party sources. Specifically, we collect your information when:
- You use, purchase, or subscribe to our products or services.
- You interact with us, including when you ask us for support, attend one of our events, or otherwise contact us.
We may also collect information about you from third parties, including:
- Your employer, organization, or other third party that arranges access to our products and services for you.
- Our partners and other service providers that work with us to provide you with our products or services. For example, with your consent, we may receive your information from your bank or other financial institutions.
- Your financial advisor, who may give us personal information about you when they use our products or services.
- Other publicly available sources.
Personal information we collect
The types of personal information we collect depend on your interactions with us and may include the following:
- Name and contact information: Your first and last name, email address, postal address, phone number, and other contact information.
- Account credentials: Your user ID, password, password hints, and other similar security information used to authenticate your account.
- Demographic information: Your age, sex, geographic location, and preferred language.
- Payment details: Your bank account information, credit card number, and other information used to process payments.
- Subscription and usage information: Information about the products or services you subscribe to and how you use them, including preferences, browsing history, and help information.
- Device and network information: Information about your device, such as IP address, location, or internet service provider.
- Financial and portfolio information: Information about your finances, portfolio, and transactions.
- Audio or video information: If you visit a Morningstar location or participate in a Morningstar event, Morningstar may record your image or voice.
- User content: Your files or other information you upload to our products or services.
How we use personal information
How Morningstar uses your information depends on the product and service that you use and your relationship with us. We use personal information as permitted under applicable law and for the following purposes:
To provide a service that you requested, including to:
- Provide products and services, verify your identity, personalize the content you receive, create and administer your account, and send important account and product update information.
- Provide content or offers of content from third parties that you request.
- Provide customer service, as well as technical and product support.
In accordance with our legitimate interests, namely to:
- Conduct research and develop, improve, test, and enhance the features and functions of our products and services.
- Protect your, our, or third parties’ networks, systems, property, or physical safety.
- Comply with requests from regulatory agencies, law enforcement, and other public and government authorities.
- Enforce our contracts, terms, and conditions, or otherwise exercise our legal rights; defend ourselves from claims; and comply with laws and regulations that apply to us or third parties with whom we work.
- Provide you with marketing or advertisements.
Generate anonymous, aggregated data which we use for research and product development. We may publish or otherwise provide the results of this research data in our products and services. If you would like more information on how we use anonymized data, or if you would like to opt out, please click here.
- Participate in any merger, acquisition, or other corporate transaction.
To comply with our legal obligations, which include our or third parties’ audit and compliance requirements, such as under tax law and laws governing securities and financial services. Morningstar will produce personal information to a government regulating body or law enforcement only upon a lawful demand for such information.
Where required by law, we obtain your consent before using your data for marketing purposes. This is the case, for example, for third-party advertisements or when you are not an existing customer and want to subscribe to our newsletters.
How we share personal information
Morningstar shares your personal information with other Morningstar companies, our business partners, content providers, customers, service providers, and other third parties with your consent or for the purposes disclosed above in this Privacy Statement. Where required by applicable law, Morningstar puts in place appropriate contractual safeguards to ensure that service providers only process personal information pursuant to our instructions and implement appropriate technical and organizational safeguards to keep your personal information secure.
Links to other websites and services
Where applicable, Morningstar may provide links to one or more third-party sites within our products or services. This Privacy Statement does not apply to those sites. We encourage you to read any third-party site’s privacy statements, policies, or other disclosures before providing any of your personal information to them.
How we protect, store, and transfer your personal information
Morningstar maintains a comprehensive information security program intended to keep your information safe. We have technical, physical, and organizational measures in place to protect against unauthorised access to or unauthorised alteration, disclosure, or destruction of personal information. The measures we use are appropriate to the nature, scope, and purpose for which we use the personal information we collect. Only Morningstar staff that need access to personal customer data to perform their roles have access to it and do so in accordance with this Privacy Statement.
Our security and privacy policies are periodically reviewed and enhanced as necessary.
Morningstar companies, its operations, workforce, and service providers are located throughout the world. Depending on how you interact with us, your personal information may be handled and stored in, accessed from, or transferred to different countries. These countries may include the United States, Canada, China, India, Australia, Singapore, and others. These countries may not guarantee the same level of protection for personal information and judicial redress as the country in which you reside. We put in place contractual transfer contracts (such as EU Model Clauses) with the data recipients to ensure that your personal information remains protected when it leaves the EEA and/or UK.
If you would like to receive more information about, or a copy of, our transfer contracts, please contact us through one of the methods listed below in the section Contact Us.
In accordance with applicable law, you have certain rights in respect to your information, such as a right of access, rectification, restriction, erasure, opposition, and portability. Where you gave us your consent to process personal information, you have a right to withdraw that consent for the future at any time. You also have a right to lodge a complaint with the Supervisory Authority for data protection in your country. To exercise those rights, please contact us at [email protected].
Morningstar will respond to an access request as soon as possible and no later than 30 days of the request. In some cases, there may be reasons why Morningstar cannot accede to a particular request, for example where local retention periods require the holding of personal information for a certain period of time or such data is required to perform our obligations or exercise our rights under an Order Form and/or Agreement. If we cannot accede fully to a data subject access request, we will respond as soon as possible with reasons.
If you request that we erase your personal information and we process that request, we may still retain certain elements of your personal information as permitted by law, including to comply with legal, regulatory, or our own policy requirements.
We won’t discriminate against our customers that choose to exercise their rights to access, control, or delete their personal information. Some of our products and services, however, may require your personal information. If you choose not to provide your personal information or erase your personal information, you may not be able to use those products or services.
Morningstar retains personal information only for as long as necessary to fulfil our contractual or legal obligations or for the amount of time necessary to fulfil the purposes we have set out above. Individual jurisdictions have different tax, accounting, regulatory, and legal retention requirements and Morningstar is bound to keep certain personal information in accordance with these local requirements.
If you access our website to inquire about employment with a Morningstar company, we may collect the following personal information: your name, physical and email addresses, phone number(s), and any additional employment-related information that you choose to provide.
If you are submitting an employment application through our site, we may also collect your username and password.
We use this information to process and manage your application for employment with Morningstar. We may also use candidate personal information to fulfil reporting requirements as required by law.
Morningstar does not separately identify or collect any information that is specific to children.
Cookies and similar technologies
Certain Morningstar affiliates may offer products and services that have specific privacy policies that apply to them. In the event of a conflict between the terms of this Privacy Statement and the product-specific privacy statement, the product-specific statement takes precedence. Please view our product-specific statements below.
How we revise this statement
Our business frequently changes, and we may need to update this Privacy Statement to reflect those changes. When we make changes to this Privacy Statement, we’ll revise the “last updated” date at the top of this page. If we make material changes to this Privacy Statement, we’ll notify you directly as required by law.
If you have a concern, complaint, or question about how we handle your personal information, please contact us by using our web form, call us toll-free at (+44) 020 3107 0000, or write us at the following mailing address:
Morningstar UK Limited
1 Oliver’s Yard
55-71 City Road
EC1Y 1HQ – London
You can contact our data protection officer at [email protected]